Skip to main content

Building Integrations

Introduction

Machine identity integrations connect Venafi's platforms with external systems for managing certificates, code signing, SSH keys, and more. This section provides guidance on building integrations for your own environment.

Important: You do NOT need to contribute your integration to the public marketplace. Build what you need for your organization, and only package it for public distribution if you want to share with the broader community.


Integration Types

CA Connectors

Purpose: Issue certificates from external Certificate Authorities

CA connectors are REST-based web services that communicate between Venafi platforms and third-party CAs. They handle authentication, product/option retrieval, certificate requests, and certificate issuance.

When to use:

  • Integrating with a new Certificate Authority
  • Need certificate issuance workflows
  • Support for Certificate Manager SaaS or NGTS

Learn more: CA Connector Framework


Machine Connectors

Purpose: Deploy certificates to servers, load balancers, and network devices

Machine connectors are plugins that push and configure certificates from Venafi to target applications. They handle authentication, certificate installation, and service configuration.

When to use:

  • Deploying certificates to new device/platform types
  • Automating certificate lifecycle on servers
  • Support for Certificate Manager SaaS or NGTS

Learn more: Machine Connector Framework


TPP Adaptable App Drivers

Purpose: Extend Certificate Manager Self-Hosted (formerly TLS Protect Datacenter)

Adaptable App Drivers are PowerShell-based integrations specifically for Certificate Manager Self-Hosted. They provide a lighter-weight alternative to full Go-based connectors.

When to use:

  • Targeting Certificate Manager Self-Hosted only (not SaaS/NGTS)
  • Need rapid development (PowerShell vs Go)
  • Integrating with Windows-based systems
  • Don't need advanced features like discovery

Learn more: TPP Adaptable App Drivers


REST API & VCert SDK

Purpose: Programmatic certificate operations and automation

Direct API integration or SDK usage for custom applications and automation scripts.

When to use:

  • Quick prototyping and testing
  • Custom automation scripts
  • Integration into existing applications
  • Direct control over certificate operations

Learn more:


Decision Matrix

Choose the right approach for your use case:

Use CaseRecommended Approach
Deploy certificates to new device typeMachine Connector Framework
Connect to new Certificate AuthorityCA Connector Framework
Extend TLS Protect Self-Hosted with PowerShellTPP Adaptable App Driver
Automate certificate operations in scriptsVCert SDK or REST API
Prototype and test quicklyVCert SDK or REST API
Build production-grade multi-platform connectorCA/Machine Connector Framework

Development Workflow

  1. Choose your approach using the decision matrix above
  2. Review the framework documentation for your chosen approach
  3. Set up your development environment following the framework guide
  4. Implement your integration using provided templates and patterns
  5. Test locally using simulation tools (VenProxy for connectors)
  6. Deploy to your environment for production use

Optional: If you want to share your integration publicly, see Contributing to the Marketplace for packaging and submission guidance.


Best Practices

Review Integration Best Practices for:

  • Error handling patterns
  • Logging standards
  • Testing strategies
  • Security considerations
  • Performance optimization

Getting Help